currently it uses vuex-persist to store the module state in local storage. this is very insecure because every javascript code running on this domain can access local storage .. and therefor access the token.
change this to use secure cookies instead to persist the token.